Cybersecurity Risk Specialist

Roles and responsibilities

Evaluate cybersecurity risks and ensure the security of all systems on an ongoing basis by conducting security surveys and applying urgent solutions to the existing gaps at all levels.
Perform vulnerability assessments of systems and networks to identify deviations from acceptable configurations or applicable policies.
Conduct authorized attempts to penetrate computer systems or networks and physical premises, using realistic threat techniques, to evaluate their security and detect potential vulnerabilities.
Perform cybersecurity audits to assess SPL’s compliance with applicable requirements, policies, standards and controls.
Identify potential risks that might compromise SPL by understanding the cybersecurity vulnerabilities in the organization's assets and mapping them to potential threats.
Risk Identification and Assessment
Risk Assessment: Conduct thorough risk assessments to identify vulnerabilities and threats to the organization’s IT infrastructure, networks, and applications.
Threat Modeling: Use threat modeling techniques to predict potential attack vectors, such as malware, ransomware, phishing, insider threats, and other cyber risks.
Vulnerability Scanning: Perform regular vulnerability scans and security audits to detect and prioritize potential weaknesses in the organization’s systems and applications.
Business Impact Analysis: Evaluate the potential impact of cybersecurity risks on the business, determining how security incidents could affect revenue, reputation, and operational continuity.
Risk Mitigation and Management
Risk Mitigation Strategies: Develop and implement risk mitigation strategies, including policies, procedures, and controls to address identified vulnerabilities and reduce the likelihood of a successful cyber attack.
Security Framework Implementation: Align risk management strategies with industry-recognized security frameworks (e.g., NIST, ISO 27001, CIS Controls) to ensure robust protection against cyber threats.
Security Controls and Measures: Recommend and implement technical controls such as firewalls, encryption, intrusion detection systems (IDS), multi-factor authentication (MFA), and endpoint protection to safeguard against cyber risks.
Incident Response Planning: Collaborate with IT teams to develop and maintain incident response plans to effectively address and contain security breaches or cyber attacks.

Desired candidate profile

Cybersecurity Risk
Compliance Configuration Management
Cybersecurity Auditing
Penetration Testing
Customer Focus
Collaborates
Instill Trust
Drives Results
Security Policy and Compliance
Cybersecurity Policies: Develop and enforce cybersecurity policies that align with industry best practices and organizational objectives, ensuring all employees understand and follow security protocols.
Regulatory Compliance: Ensure that cybersecurity practices are in compliance with relevant regulations and industry standards (e.g., GDPR, HIPAA, PCI-DSS) to avoid legal and financial penalties.
Audit and Monitoring: Oversee regular audits and continuous monitoring of security systems to ensure compliance with internal policies and external regulations.
Risk Reporting: Regularly report on the status of cybersecurity risks and mitigation efforts to senior management, providing clear insights into risk exposure and areas requiring attention.
Security Awareness and Training
Employee Training: Develop and conduct cybersecurity awareness training programs to educate employees about security best practices, phishing prevention, and secure data handling.
Phishing Simulations: Run phishing simulation exercises to raise awareness and improve the organization's defenses against social engineering attacks.
Stakeholder Communication: Collaborate with various departments, such as legal, compliance, and operations, to ensure that all stakeholders understand the importance of cybersecurity risk management and their role in protecting digital assets.